Beckerman: “Any effort to enshrine a strong national standard for data security must clearly outline the rules of the road for Internet companies and their users.”

Washington, D.C. – Today, the Internet Association sent a letter to the leadership of the House Committee on Education and the Workforce and sponsors of the Student Privacy Protection Act of 2015 (H.R. 3157). The letter calls for revisions to controversial provisions in the Student Privacy Protection Act 2015 (H.R. 3157). The revisions are necessary to safeguard the user data and privacy of students and their families, while creating a strong national standard that the industry can work with.

As it stands, H.R 3157 creates a contradictory labyrinth of data security legal frameworks that Internet companies and their employees must circumnavigate. Since H.R. 3157 does not preempt state data breach statutes, industry must monitor over 40 different sets of state laws in addition to its provisions. The letter also outlines how the bill would “impose vague security requirements, including notice requirements triggered by a ‘breach of the security practices,’ which theoretically could include common employee errors such as failing to properly sign-in a visitor or failing to logout of a computer when going to get coffee for 5 minutes.”

“Any effort to enshrine a strong national standard for data security must clearly outline the rules of the road for Internet companies and their users,” said Michael Beckerman, President and CEO of the Internet Association. “As the bill is currently drafted, companies may find themselves having to send multiple notices to the same consumers. These provisions will result in over-notifying consumers and unnecessary compliance burdens.”

Beyond its impact on consumers, the letter also highlights the impact that H.R. 3157 would have on ed-tech providers. The bill refers to “commonly accepted industry standards on privacy protections,” with no reference to the standards. As the letter explains, “In reality, these standards vary significantly according to the sensitivity of the personal information involved.”

“Earlier this year, the Internet Association gave constructive (but not unequivocal) support to the Data Security and Breach Notification Act of 2015 since it preempted all state data breach statutes, contained a narrowly crafted harm trigger, and did not create rulemaking authority. It sought to create a true national standard to protect consumers while recognizing legitimate industry concerns about the cost of compliance with its provisions. As currently drafted, H.R. 3157 has yet to achieve these goals,” Beckerman concluded.

Latest News

"Washington, DC – Internet Association Vice President, Federal Government Affairs Michael Bloom issued the following statement on the passage of the Reliable Emergency Alert Distribution Improvement Act of 2018 (READI Act) in the Senate: “The Commerce Committee is right to study ways to modernize how emergency alerts are delivered to Americans. The internet industry commends… Read moretail right